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(54) Security system and software to prevent unauthorized use of a computing device 



(57) A security system to prevent unauthorized use 
of a computing device (1 0) comprises a key device (20) 
carrying an key identification. Memory means are in- 
stalled in said computing device for storing a validation 
record. An interface (1 1 ,21) is provided to connect said 
key device with said computing device, rendering a 
pathway to exchange said key identification with said 
computing device. The computing device is loaded with 
a program to validate said key identification which is em- 
bedded in said key device using said validation record. 



If said key identification and said validation record do 
not match use of the computing device is inhibited. The 
key device comprises programmable memory means to 
store further key information. The computer program is 
capable of accessing said further key information upon 
connection of the key device with the computing device. 
Said further key information enables the computer pro- 
gram to automatically add a validation record associat- 
ed with said key device and to grant privileges to the key 
device depending on the contents of said further key in- 
formation. 
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Description 

[0001] The present invention relates to a security sys- 
tem to prevent unauthorized use of a computing device, 
said system comprising a key device carrying an key 
identification; memory means installed in said comput- 
ing device for storing a validation record; an interface to 
connect said key device with said computing device and 
to provide a pathway to exchange said key identification; 
a program to validate said key identification embedded 
in said key device using said validation record; and 
means for inhibiting use of said computing device if said 
key identification and said validation record do not 
match. The invention moreover relates to software for 
preventing unauthorized use of a computing device. 
[0002] A system of the above kind is. known from In- 
ternational patent application WO 00/07088 which is in- 
corporated herein by reference. The known system In- 
volves a key device holding a key serial number together 
with a validation record stored on a hard disk drive of a 
computer. In order to gain access to the computer, a us- 
er has to connect the key device to the computer. Upon 
connection, a computer program loaded on said com- 
puter compares the serial number read from the key de- 
vice with validation records stored on the computer and 
only grants access if said serial number matches a serial 
number stored in a validation record. The computer au- 
tomatically powers down when no such matching vali- 
dation record is found. 

[0003] The computer program of the known system 
may be loaded in the initial program load firmware basic 
in/output system (BIOS) for a personal computer in or- 
der to attain a low level, secure protection against inad- 
vertent use of the computer. A drawback of the known 
system is however that for each computer to be secured, 
one or more validation records have to be stored on the 
computer concerned in order to render the security sys- 
tem operative. Already in a small to middle size organ- 
isation or any other environment with many computers 
which have to be secured this turns out relatively la- 
bourious and too tedious to be carried out by a system 
manager alone. Leaving the installation of the neces- 
sary validation records on the computers entirely to the 
users themselves, on the other hand, would impose a 
significant weakness In the security system as a whole. 
[0004] It is therefore inter alia an object of the present 
invention to provide a security system of the kind re- 
ferred to in the opening paragraph which allows, at least 
to a certain extent, for a distributed installation by the 
users on the computing devices concerned without 
compromising the rigidity of the security system as a 
whole. 

[0005] To that end a security system of the type de- 
scribed in the opening paragraph according to the 
present invention is characterized in that the key device 
comprises programmable memory means to store fur- 
ther key information, in that the computer program is ca- 
pable of accessing said further key information upon 



connection of the key device with the computing device 
and in that said further key information enables thecom- 
puter program to automatically add a validation record 
associated with said key device and to grant privileges 
s to the key device depending on thecontents of said fur- 
ther key information. The key device in the system ac- 
cording to invention may be programmed and dis- 
patched centrally by a system manager or any other re- 
sponsible officer in the organisation. The further key in- 
to formation which is thereby stored in the key device en- 
ables the key device to register itself onto a computing 
device once a connection is established. As such the 
key contains all information necessary to add a com- 
plete validation record to the computing device without 
15 any further intervention by its user. Although the physi- 
cal registration may be performed by the user himself, 
the system manager nevertheless remains fully in con- 
trol of the privileges which are eventually granted to the 
user. 

20 [0006] A preferred embodiment of the security system 
is according to the invention characterized in that said 
further key Information comprises a key type identifica- 
tion of said key device and in that said computer pro- 
gram grants privileges to the key device depending on 
25 the key type of the key device. Instead of exactly spec- 
ifying the privileges which may be derived from a key 
device, specific key types are used which define a pre- 
defined access profile. The key type is written into the 
key device memory and enables the computer program 
30 to add the appropriate validation record to the comput- 
ing device, if access is permitted at all. These key types 
and associated access profiles make ft relatively easy 
for a system manager to correctly program and manage 
all keys to be issued. 
35 [0007] In a special embodiment the security system 
according to the invention is characterized in that the 
key type identifies the key device as a prime user key 
which enables first time access to the computing device. 
The prime user key is meant for a principal user of the 
40 computing device running the computer program. In this 
embodiment, each computing device should have a 
principal user and there can only be one principal user 
per system. Principal or prime users identify themselves 
as such by a key device of the specific type and may as 
45 such gain access to a system onto which so far no (oth- 
er) principal user has been registered. After such first 
time access, only the principal user can add or delete 
further users and accordingly decide who will have ac- 
cess to the computing device and the stored data. Op- 
50 tionally a computing device specific code may be added 
to the prime user key to limit the above privileges to a 
specific computing device only. After registration on a 
specific computing device the prime user key will loose 
that status and will further act as a normal key. In order 
55 to register on a new computing device as a prime user, 
the key needs to be re-activated as such by the system 
operator or the like so that security within the system is 
preserved. 
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[0008] A turther embodiment of the security system 
according to the invention is characterized in that the 
key type identifies the key device as a normal user key. 
A normal user key may be programmed for users who 
need access to a computing device that has already 
been configured by a principal user as described here- 
inbefore. A computing device cannot be accessed by 
means of a normal user key unless a principal user has 
already been registered on said computing device and 
has granted access for the normal user key user. As 
such it is the principal user who grants or denies normal 
user access to the computing device by adding or de- 
leting the appropriate validation record from a list of nor- 
mal users of the system. If desired, the number of nor- 
mal users of the system may be restricted to a certain, 
pre-defined maximum. 

[0009] In a further embodiment, the security system 
according to the Invention is characterized in that the 
key type identifies the key device as a service key which 
enables access to a restricted portion of the computing 
device only. To allow service or maintenance operations 
on a system, the system manager may in this embodi- 
ment program a special service key. The service engi- 
neer that uses the service key can log onto the system, 
but has subsequently only limited access to the comput- 
ing device. Userspecific, personal data may for instance 
be hidden, whereas access to general system informa- 
tion may be granted to enable software and hardware 
updates or any other maintenance by the service engi- 
neer. A service key need not be limited to a specific com- 
puting device but may instead operate on all computing 
devices in the organisation or a selected part thereof. 
Unlike a normal key, the service key does not need to 
be registered on a computing device to give access and 
hence no intervention by an end user is required. 
[0010] Often larger organisations are divided into de- 
partments and groups of users which should have mu- 
tual access to their computing devices and associated 
data but not beyond that level. In view thereof, a special 
embodiment of the security system according to the in- 
vention is characterized in that the further key informa- 
tion identifies the key device as a group key, enabling 
access to computing devices belonging to a specific 
group. Such a group key allows access to all computing 
devices that have a principal user belonging to the same 
group. The principal user of a computing device normal- 
ly grants such access. However, a principal user belong- 
ing to one group cannot grant access to a key device 
belonging to another group. As a result central control 
of group access may be secured although the actual 
registration is carried out by end users. 
[0011] In larger organisations it may be required to 
have access to a computing device without the interven- 
tion of the principal user involved to allow management 
of several groups. In view thereof, a further embodiment 
of the security system according to the invention is char- 
acterized in that the further key information identifies the 
key device as a master key, enabling immediate access 



to computing devices belonging to one or more selected 
groups. In this respect immediate access means that 
such a master key will give access to the computing de- 
vice concerned without intervention by a principal user, 

5 provided that the computing device has a principal user 
belonging to a group the master key has been issued 
for. A master key can support a number of different, pre- 
defined groups, so that a system manager may control 
th level of access by a master key holder. 

10 [0012] The key device provides a level of security 
which requires the possession of the device itself. With- 
out a key device no access is possible to a computing 
device in the system. To attain an even higher degree 
of security a special embodirnent of the security system 

is according to the invention is characterized in that at 
least one of the further key information and the valida- 
tion record comprises a personal authorization code to 
be input by a user of the key device. After having estab- 
lished a connection between the key device and the 

so computing device, requiring the possession of the key 
device, the user will in this case be prompted for a per- 
sonal identification or authorization code, requiring 
knowledge. Only a user having both the possession of 
the key device and knowledge of the authorisation code 

25 may gain access to the computing device. This addition- 
al security is specifically important in case of loss ortheft 
of a key device. 

[0013] In a further embodiment, the security system 
according to the invention is characterized in that the 

30 further key information comprises an encryption key 
which enables the encryption and decryption of informa- 
tion stored on the computing device. Encryption of the 
relevant data provides a further level of security. In case 
of unauthorized access to the computing device, by- 

35 passing the security offered by the key device itself, the 
data stored in the computing device, or at least the sen- 
sitive part of it, may thus still be protected against mis- 
use by means of a suitable encryption algorithm requir- 
ing the decryption key to render the data eligible. 

40 [0014] The key device may have an unlimited lifetime 
or may be issued for a limited period only. To implement 
this functionality, a further embodiment the security sys- 
tem according to the invention is characterized in that 
the further key information comprises an access limit de- 

45 fining a maximum number of access permissions grant- 
ed to the key device. A key device of this kind may for 
instance be used for a service engineer of user who 
needs only temporary access to a computing device. Af- 
ter said number of access permissions the key device 

so becomes invalid and useless so it presents no thread 
anymore to the security of the computing device. 
[001 5] The invention will now described in more detail 
with reference to a specific embodiment and an accom- 
panying drawing, which shows in: 

55 

figure 1 a basic setup of a security system in ac- 
cordance with one embodiment of the present in- 
vention; and in 
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figure 2 a flowchart of a computer program capable 
of running on a computing device which is secured 
by an embodiment of the security system in accord- 
ance with the present invention. 



[001 6] The present invention provides a security sys- 
tem to prevent unauthorized access to a computing de- 
vice. Many kinds of computing devices are suitable to 
be protected by means of a system according to the in- 
vention such as different kinds of computers like person- 
al computers, laptop computers, so called personal dig- 
ital assistants (PDA or palmtop computer and the like, 
but also other computing devices like telephone sets 
and different kinds of electronic domestic appliances 
lean themself for the present security system. All that is 
required is an interface to communicate with the device 
and a mlcroprocessortogetherwlth storage means with- 
in the device to process an access request. In the em- 
bodiment below, a personal computer is taken just as 
an example without delimiting the present invention to 
that kind of device. 

[0017] In order to secure one or more a personal or 
laptop computers 10, a key device 20 is issued for each 
device by a system manager or any other person within 
an organisation responsible for security of the IT envi- 
ronment. The key device 20 consists of a little token 
which may readily be attached to other keys of the user, 
like home and car keys, likely to be carried along. Key 
information 25 is written into the key device by means 
of appropriate software, available to the system manag- 
er only, in order to activate the key device. The key de- 
vice comprises programmable memory means capable 
of storing said key information. In this embodiment flash 
EEPROM is used as storage medium in the key device 
but also other kinds of non-volatile, one-time or repeat- 
edly programmable memory may be used or even vol- 
atile memory provided that the latter is accompanied by 
a suitable power source, like a battery or the like, in order 
to avoid data loss. 

[0018] The key device contains a unique Key ID, 
which may be provided as manufactured in the form of 
a unique serial number or may be programmed later on 
once the key device is activated. Besides a unique ID, 
the key device of the present example holds one or more 
Group ID'S, an Encryption Key for each group, a Key 
Type identification and an Active Count number. These 
data are provided by the system manager as the key is 
issued and activated. The purpose of the several data 
fields will become apparent below. Depending on the 
specific application more data fields may be added to 
the above described key information or some may pos- 
sibly be dispensed with as the case may be. The key 
device 20 comprises a standard infrared interface 21 
which operates according to the Ultra Protocol as es- 
tablished by the Infrared Data Association (IrDA) in or- 
der to facilitate data communication between a system 
manager's work station and the key device. The above 
data are written into the key memory using this interface. 



[0019] The same interface is used as a communtea- 
:on means with a user system in order to gain access. 
To this end the computer system is turned on, which 
causes a computer program associated with the system 
5 of the invention to launch as part of the startup proce- 
dure, preferably embedded in the BIOS ROM boot se- 
quence. The basic flow of this program is schematically 
drawn in figure 2. The program starts at 100 and auto- 
matically proceeds to a first procedure 200 to lock the 
10 keyboard and mouse of the computer system and to 
prompt the user to connect the key device. The latter is 
simply accomplished by pointing the key device 20 IrDA 
interafce21 to a similar infrared interface 11 on the com- 
puter system 1 0 as indicated in figure 1 and pressing a 
« button on the key device to start data exchange. Once 
connected, the computer program is capable of access- 
ing and retrieving key Information from the key device 
and will read the key Information as part of the program's 
execution. 

20 [0020] First a verification step 202 Is carried out to es- 
tablish whether or not the key device is a valid device 
for the system concerned, as such ft should belong to 
the same group as the computing device. A specific in- 
teger value both in plain form and in encrypted form, us- 
« ing the group's encryption key, has been written to the 
computing device during set up. At stage 202 this Inte- 
ger value is sent to the key device which upon receipt 
encrypts the integers value using its own, embedded en- 
cryption key. The result is then transmitted to the com- 
30 puting device and therecompared to the stored encrypt- 
ed value. If both encrypted values are Identical to one 
another, the verification step 202 is successful and the 
program proceeds to step 205, where the key informa- 
tion is actually accessed and transferred to the system. 
35 |f no valid verification appears to be possible, the pro- 
gram terminates immediately, and no transfer of sensi- 
tive key information takes place at all. As such the in- 
vention provides unparalleled security. 
[0021] A rolling code mechanism is used in the key 
40 device in order to avoid tampering by means of inter- 
ception of the communication signal between the key 
device and the computer system. This mechanism, also 
known as code hopping, generates a different random 
code using a non-linear encryption algorithm each time 
« the key device connects to the computer system. This 
rolling code renders every transmission unique so cap- 
turing and re-transmitting the code is useless. The roll- 
ing code is a combination of a sync counter and an en- 
cryption key using a non-linear encryption algorithm. 
so The sync counter value is the basis of every different 
code for each transmission and is updated each time 
the button of the key device is pressed and a connection 
is made with the computers system. Because of the 
complexity of such a code hopping principle, already a 
S5 change in one bit of the syne value will result in a large 
change in the actual code which is being transmitted, 
which is hence impossible to predict. The sync value in 
the key device and a corresponding one on the compu- 
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ter system are synchronized each time a connection is 
made. 

[0022] Primarily the key type recorded in the key de- 
vice determines the further flow of the program. One 
byte of storage is used within the key device to be able 
to implement 256 different key types. As such only the 
six key types listed in the next table are used in this ex- 
ample, but numerous other key type may be envisaged 
without departing from the scope of the present inven- 
tion each giving its own functionality and privileges. 



Key type: 


Byte code: 


Master key 


00000000 


User keys: 




Prime 


00000001 


Normal 


00000010 


Replacement 


00000011 


Group key 


00000100 


Service key 


00000101 



[0023] If the program identifies the key device as a 
master key in step 210, immediate access is granted 
without any further validation of the key device. The pro- 
gram stops at a first termination 300. 
[0024] If the key device is not a master key, the vali- 
dation program continues and checks at point 220 
whether the key device is a user key. Different types of 
user keys may be issued. As such the above table lists 
a Prime or Principal user key, a Normal user key and a 
Replacement user key. If the program identifies the key 
device as any of these types of user keys it continues 
to step 225 where it checks whether the user key is a 
prime or principal user key. This key is used for first time 
access to a system and embodies the core of the 
present invention. Each computing device within the 
system of the present invention has its own principal us- 
er being the user that logged onto the device with a 
prime user key when the device was not allocated yet. 
Upon connecting the principal user key the program will 
identify the key device as such in step 225 and proceeds 
to step 230 to add validation table to the system. This 
validation table is written to hard disk and contains a 
record for each user which is allowed access to the sys- 
tem. Each validation record holds the user information 
shown in figure 1 in conjunction with the computer sys- 
tem and comprises such a record associated with the 
principal user ab initio. Afterwards, the principal user 
may add as many additional users to the system as de- 
sired, using a separate software tool, provided these ad- 
ditional users are in the same group as the principal us- 
er. This privilege of the principal user emerges from the 
access level which is record in the validation table for 
each user and is set to full access as a system admin- 
istrator for the principal user. The group ID associated 
with the principal user is copied from the prime user key 
and determines which other user may be added to the 



system on the discretion of the principal user. After the 
validation table has been added the principal user is giv- 
en access to the system and the key device independ- 
ently sets the key type byte to that of a normal user key 

5 so that the principal user key can be used only once to 
allocate a computer system. Accordingly, without having 
to interfere with the installation of key devices on the 
system, a system manager responsible for issuing the 
key devices, keeps control of the security within the sys- 

10 tern. 

[0025] A special kind of key device is the so called 
replacement key which is used in case of loss or theft 
of the principle user key of a system. The presence of 
this type of key is checked at stage 235 of the program. 
'5 a replacement key is programmed by the system man- 
ager with the same group number and encryption key 
as that of the lost prime user key. The prime user cmay 
then use this replacement key to gain access to his own 
system. After being verified en found valid in step 202 
the program proceeds to step 240 where the existing, 
original prime user record is deleted and replaced by the 
appropriate record information of the replacement key. 
At the end the replacement key sets its own type iden- 
tification to that of a prime user key. From now on the 
replacement key behaves like a prime user key and the 
original prime user key has become inoperative. 
[0026] If the user key device is not a principal user key 
or a replacement key but a normal user key or a replace- 
ment key, the computer program will try to verify the key 
information at stage 245. As such it will first search the 
system for a validation table. If no such table is found, 
access is denied and the program terminates at 350. If 
on the other hand a validation tables exists on the sys- 
tem the computer program will look for the appropriate 
user record in order to validate the key device. This is 
done by using the encryption key written in the key de- 
vice. This key is used to decrypt the PIN-code, access 
level, encryption key and possibly other user information 
which are stored in the user record in encrypted form. 
After decrypting this information using the encryption 
key which is retrieved from the key device, the computer 
program establishes in step 250 whether the result is 
sensible or not. In the latter case access is denied lead- 
ing to termination 350 of the program. Otherwise the 
program continues to step 255 to check whether or not 
a PIN code is stored in the user record. It should be not- 
ed that the encryption key does not reside in permanent 
memory on the computing device but in the key device 
only. Once the key device has been verified the encryp- 
tion key of the key device is written into volatile memory 
of the computing device, where it is at the disposal of 
the computing device for the duration of a session. Upon 
power down or a power save mode the encryption key 
is erased from the computing device's memory and 
should again be transferred to the computing device to 
gain unlimited access, using the key device. In this man- 
ner it is practically impossible to retrieve the encryption 
key from in case of possession of merely an inactive 
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computing device, while all sensitive data on the com- 
puting device reside in encrypted form. 
[0027] A PIN code provides additional security and 
may be recorded once a user is added to the system, at 
the choice of that user. With a PIN code stored in the s 
system the user needs something to have, i.e. the key 
device, together with something to know, i.e. the PIN- 
code, in orderto gain access to the system. As the PIN- 
code is stored in encrypted form it is not possible for 
other users to retrieve the PIN code from the system 10 
itself after having gained access to the validation table. 
The invention, hence, provides an extreme high degree 
of security. After the PIN code has been validated in step 
260 and found valid in step 265 the program proceeds 
to step 270. If the PIN-code is found invalid the program is 
terminates at 350 and access is denied. If no PIN-code 
has been recorded for the specific user, the validation 
steps 260,265 are by-passed andthe program proceeds 
to step 270 without further action. 

[0028] At step 270 the program establishes whether so 
the key device has expired yet or not. This is done by 
means of the access count which may have been written 
to the key device when it was issued end which deter- 
mines the maximum times of access to the system by 
means of that key. The user record comprises an Access ss 
Count field in order to record each time access is given 
to that user. If in step 270 the Access Count read from 
the user record exceeds the Active Count, access is de- 
nied and the program terminates at 350, other wise the 
Access Count is incremented by one in step 275 and so 
access is granted at termination 300. 
[0029] The encryption key retrieved from the user's 
key device is indispensable for decrypting (and encrypt- 
ing (selected) data on the computing device. According- 
ly, even if all security steps of the access program ac- 35 
cording to the invention are bypassed, the (sensitive) 
data residing on the system are still protected. Because 
the highly sensitive encryption key need not be stored 
on the computing device within the system of the inven- 
tion, the system is ever protected against abuse by in- 
truders not having an appropriate key device. 
[0030] Besides user keys special key may be issued 
for special users. As such a group key allows access to 
all systems in one or more groups, which are identified 
as such by means of a collection of group ID'S which « 
have been written into the key device. A group key may 
be issued in order to allow management of an entire 
group of computing devices. If the key device is a group 
key the program immediately branches to step 2B0 at 
verification of the key device in step 220. In the subse- so 
quent validation step 285 the program checks whether 
a validation table exist and the group ID listed in the val- 
idation table in conjunction with the principal user, is ac- 
tually present in the collection of group ID'S retrieved 
from the group key device. Moreover, the group key ss 
should contain the encryption key of each group for 
which it is issued. If all affirmative, access is granted and 
the program terminates at 300, otherwise access is de- 
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nied at 350. Optionally a PIN code may be required to 
gain group access, in which case the computer program 
will comprise the necessary validation procedures be- 
tween step 290 and termination 300. 
[0031 ] To allow service or maintenance operations on 
a system, a system manager can program a special 
service key. A service engineer that uses the service key 
can log into a system but cannot access the data resid- 
ing on the system in an encrypted volume. This is im- 
plemented in step 295 of the program. If the key device 
is identified as a service key access is given. Because 
the service key is only meant to be used for service op- 
eration on the computing device it does not contain an 
appropriate encryption key to access the encrypted data 
on the system. The service key accordingly has only lim- 
ited access at termination 325 of the program. If desired 
a service key may be limited to one or more groups and 
may be accompanied by a PIN-code, in which case the 
program will have the appropriate verification steps be- 
tween steps 295 and 325. 

[0032] If the computer program does not identify the 
key device as a service key in step 295 it wit) terminate 
at 350. The system according to the invention is hence 
a closed system in that only the key types known to the 
computer program may give access to the system, pro- 
vided the have the right credentials, and others simply 
won't. The invention thereby provides for a security sys- 
tem which may be managed from a distance by a system 
manager without losing security control. 
[0033] Although the invention has been elucidated to 
more extend in conjunction with the embodiment de- 
scribed hereinbefore, it will be appreciated that the in- 
vention is not at all limited to the specific example given. 
On the contrary, numerous other embodiments and ex- 
amples are feasible for a skilled person without depart- 
ing from the scope and the spirit of the present invention. 



Claims 

1 . A security system to prevent unauthorized use of a 
computing device, said system comprising a key 
device carrying an key identification; memory 
means installed in said computing device for storing 
a validation record; an interface to connect said key 
device with said computing device and to provide a 
pathway to exchange said key identification; a pro- 
gram to validate said key identification embedded 
in said key device using said validation record; and 
means for inhibiting use of said computing device if 
said key identification and said validation record do 
not match characterized in that the key device 
comprises programmable memory means to store 
further key information, In that the computer pro- 
gram is capable of accessing said further key infor- 
mation upon connection of the key device with the 
computing device and in that said further key infor- 
mation enables the computer program to automat- 
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ically add a validation record associated with said 
key device and to grant privileges to the key device 
depending on the contents of said further key infor- 
mation. 

2. A security system according to claim 1 character- 
ized in that said further key information comprises 
a key type identification of said key device and in 
that said computer program grants privileges to the 
key device depending on the key type of the key 
device. 

3. A security system according to claim 2 character- 
ized in that the key type identifies the key device 
as a prime user key which enables first time access 
to the computing device. 

4. A security system according to claim 2 character- 
ized In that the key type identifies the key device 
as a normal user key. 

5. A security system according to claims 2 character- 
ized in that the key type identifies the key device 
as a service key which enables access to a restrict- 
ed portion of the computing device only. 

6. A security system according to any of the preceding 
claims characterized in that the further key infor- 
mation identifies the key device as a group key, en- 
abling access to computing devices belonging to a 
specific group. 



maximum number of access permissions granted 
to the key device. 

12. A security device according to anyone of the pre- 
5 ceding claims characterized in that said interface 

comprises a wireless connection between the key 
device and the computing device. 

13. A security system according to any one of the pre- 
10 ceding claims characterized in that key device and 

said computing device are capable of encrypted da- 
ta exchange over said interface. 

14. Software to prevent unauthorized access to a corn- 
's puting device as used in the system according to 

anyone of the preceding claims. 

15. Software according to claim 14 comprising means 
to identify a key device connected to said computing 

20 device and to retrieve a specific key information 
from said key device, in which said key information 
determines at least part of a further execution of the 
software's program code. 

25 16. Software according to claim 14 or 15 characterized 
in that said key information enables the computer 
program to automatically add a validation record as- 
sociated with said key device and to grant privileges 
to the key device depending on the contents of said 

30 key information. 



7. A security system according to claim 6 character- 
ized in that the further key information identifies the 
key device as a master key, enabling immediate ac- 35 
cess to computing devices belonging to one or more 
selected groups. 



8. A security system according to any one of the pre- 
ceding claims characterized in that at least one of *o 
the further key information and the validation record 
comprises a personal authorization code to be input 
by a user of the key device. 



9. A security system according to any one of the pre- *s 
ceding claims characterized In that the further key 
information comprises an encryption key which en- 
ables the encryption and decryption of information 
stored on the computing device. 

so 

10. A security system according to claim 9 character- 
ized in that the encryption key is stored in the key 
device permanently and on the computing device 
only temporary for the duration of a session. 

55 

11. A security system according to anyone of the pre- 
ceding claims characterized in that the further key 
information comprises an access limit defining a 
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(57) A security system to prevent unauthorized use 
of a computing device (10) comprises a key device (20) 
carrying an key identification. Memory means are in- 
stalled in said computing device for storing a validation 
record. An interface (11,21) is provided to connect said 
key device with said computing device, rendering a 
pathway to exchange said key identification with said 
computing device. The computing device is loaded with 
a program to validate said key identification which is em- 
bedded in said key device using said validation record. 



If said key identification and said validation record do 
not match use of the computing device is inhibited. The 
key device comprises programmable memory means to 
store further key information. The computer program is 
capable of accessing said further key information upon 
connection of the key device with the computing device. 
Said further key information enables the computer pro- 
gram to automatically add a validation record associat- 
ed with said key device and to grant privileges to the key 
device depending on the contents of said further key in- 
formation. 



Group ID 
PIN coda* 
Accra level* 
User Information * 
Access Count 
Syne value 
Integer Value 
/ ♦ Integer Value* 
t 1 



CO 

< 

I s - 

CM 
CM 



LU 




Key ID 

Group IDl..n 
Encryption Key 
Key Type 
Active Count 
Syncv 



FIG. I 



Printed by Jouve. 76001 PARIS (FR) 



EP 1 271 277 A3 




European Patent 
Office 



EUROPEAN SEARCH REPORT 



Application Number 

EP ©1 20 2634 



DOCUMENTS CONSIDERED TO BE RELEVANT 



Category 



Citation of document with indication, where appropriate, 
of relevant pa»Bao ea 



Relevant 
to claim 



CLASSIFICATION OF THE 
APPLICATION <mtCt7) 



X,D 

Y 



FERREIRA R: 'THE PRACTICAL APPLICATION OF 
STATE OF THE ART SECURITY IN REAL 
ENVIRONMENTS • , ADVANCES IN CRYPTOLOGV - 
AUSCRYPT. SYDNEY, JAN. 8 - 11, 1990, 
PROCEEDINGS OF THE INTERNATIONAL 
CONFERENCE ON CRYPTOLOGY - AUSCRYPT, 
BERLIN, SPRINGER, DE, VOL. CONF. 1, 
PAGE(S) 334-355 XP008145211 
ISBN: 3-540-53008-2 



1,2, 
6-11,13 



G86F1/00 



page 340 
figure 3 
page 345 

page 347 
page 351 



page 341 



page 349; figure 4 * 
page 352 * 



US 6 216 230 81 (BEHAR YAACOV 
10 April 2001 (2001-04-10) 
* the whole document * 



ET ALJ 



GB 2 320 597 A (POWERDESK PLC) 
24 June 1998 (1998-06-24) 

* abstract * 

* page 2, line 22 - page 3, line 29 

* page 4, line 16 - line 33 * 



The present search report has been drawn up for all darns 



3-5,12, 
14-16 



1,7-10, 
12.13 
3-5,12, 
14-16 

1.5,11 



TECHNICAL FIELDS 
SEARCHED (IMXI.7) 



G06F 



Place of aoareft 

MUNICH 



Doe C cornpatnn ol the waic-t 

3 December 2002 



Exantner 

San-Bento Furtado, P 



CATEGORY OF CITED DOCUMENTG 

X : portion tarty relevant if token alone 

Y : particularly relevant 1 oombined with anotfier 

oooument of the tarn* category 
A : toohno tog bal background 
O : nan-written dkctoaur* 
P '■ intermediate document 



T : theory or phnople underlying tna inventen 
E : a&rliar patent document, but pub It. had on, or 

after the filing data 
0 . document cited in tha application 
L : doeumant creed for othar rtoaone 

& : member of tha aama patent family, oorraaponding 



SOCCID: <EF 1271277A3_I_> 



2 



EP 1 271 277 A3 



ANNEX TO THE EUROPEAN SEARCH REPORT 
ON EUROPEAN PATENT APPLICATION NO. 



EP 01 20 2634 



This annex lists the patent lamily members relating to the patent documents cited in the above-mentioned European search report. 
The members ore as contained in the European Patent Office EDP file on. 

The European Patent Office is in no way liable for these particulars which are merely given tor the purpose of information. 

03-12-2002 



Patent document 


Publication 


Patent family 


Publication 


cited in search report 


date 


members) 


date 



US 6216230 



Bl 



10-04-2001 



US 
AU 
EP 
WO 

us 
us 



6189099 Bl 
5245599 A 
1099147 Al 
0007088 Al 
6425084 Bl 
6401205 Bl 



13-02-2001 
21-02-2000 
16-05-2001 
10-02-2000 
23-07-2002 
04-06-2002 



GB 2320597 



24-06-1998 AU 
W0 



2701799 A 
9918544 Al 



27-04-1999 
15-04-1999 



u For more details about this annex : see Official Journal of the European Patent Office, No. 12/82 



3 



